hive_server_hive' reference instead of creating the same identity again.

Swapan Shridhar Fri, 17 Nov 2017 23:56:39 -0800

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63937/
-----------------------------------------------------------


Review request for Ambari, Jayush Luniya, Madhuvanthi Radhakrishnan, and Robert 
Levas.


Bugs: AMBARI-22472
    https://issues.apache.org/jira/browse/AMBARI-22472


Repository: ambari


Description
-------

**Background:**
YARN NodeManager currently have 2 identities in 2.5 and 2.6 stack, namely : 
*'/HIVE/HIVE_SERVER/hive_server_hive'*  and *'llap_zk_hive'*.
- */HIVE/HIVE_SERVER/hive_server_hive* is a reference from HIVE_SERVER, whereas
- *llap_zk_hive* creates same principal as above in a separate keytab file.

**Issue:** Recreating same identities in different files creates issues while 
AMbari upgrade from 2.5 to 2.6, as the *llap_zk_hive* are not refreshed/updated 
after the upgrade. Thus, HSI fails to come up.

**Fix:** Make * llap_zk_hive* also point as a reference pointing to 
/HIVE/HIVE_SERVER/hive_server_hive, so that we have one identity getting 
created only at one place and one keytab file.


Diffs
-----

  
ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog260.java
 96ce807 
  
ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog260Test.java
 be04cd5 
  
ambari-server/src/test/resources/kerberos/test_kerberos_descriptor_ranger_kms.json
 e17e121 


Diff: https://reviews.apache.org/r/63937/diff/1/


Testing
-------

**TESTING:**

||||||||||||||||||||||||||     Ambari 2.5, before upgrade:     
||||||||||||||||||||||||||


{code:title=From /etc/hive2/cong/conf.server/hive-site.xml}
      <property>
      <name>hive.llap.daemon.keytab.file</name>
      <value>/etc/security/keytabs/hive.service.keytab</value>
    </property>

    <property>
      <name>hive.llap.daemon.service.principal</name>
      <value>hive/_h...@example.com</value>
    </property>

    <property>
      <name>hive.llap.zk.sm.keytab.file</name>
      <value>/etc/security/keytabs/hive.llap.zk.sm.keytab</value>
    </property>

    <property>
      <name>hive.llap.zk.sm.principal</name>
      <value>hive/_h...@example.com</value>
    </property>
{code} 


||||||||||||||||||||||||||    Upgrade to Ambari-2.6    
||||||||||||||||||||||||||


**Logs: Ambari Server Upgrade**

[root@swap-qqq-1 ~]# ambari-server upgrade
Using python  /usr/bin/python
Upgrading ambari-server
INFO: Upgrade Ambari Server
INFO: Updating Ambari Server properties in ambari.properties ...
INFO: Updating Ambari Server properties in ambari-env.sh ...
WARNING: Original file ambari-env.sh kept
INFO: Fixing database objects owner
Ambari Server configured for Embedded Postgres. Confirm you have made a backup 
of the Ambari Server database [y/n] (y)? y
INFO: Upgrading database schema
INFO: Return code from schema upgrade command, retcode = 0
INFO: Schema upgrade completed
Adjusting ambari-server permissions and ownership...
Ambari Server 'upgrade' completed successfully.
[root@swap-qqq-1 ~]#
[root@swap-qqq-1 ~]#
[root@swap-qqq-1 ~]#
[root@swap-qqq-1 ~]#
[root@swap-qqq-1 ~]# ambari-server --version
2.6.0.0-267
[root@swap-qqq-1 ~]#


**Logs : Updating Kerberos descriptors**

18 Nov 2017 07:25:54,003  INFO [main] UpgradeCatalog260:673 - Updating YARN's 
HSI Kerberos Descriptor ....
18 Nov 2017 07:25:54,003  INFO [main] UpgradeCatalog260:685 -   Retrieved 
HIVE->HIVE_SERVER kerberos descriptor. Name = hive_server_hive
18 Nov 2017 07:25:54,003  INFO [main] UpgradeCatalog260:700 -   Retrieved 
YARN->NODEMANAGER kerberos descriptor to be updated. Name = llap_zk_hive
18 Nov 2017 07:25:54,003  INFO [main] UpgradeCatalog260:709 -   Updated 
'llap_zk_hive' identity descriptor reference = 
'/HIVE/HIVE_SERVER/hive_server_hive'
18 Nov 2017 07:25:54,003  INFO [main] UpgradeCatalog260:712 -   Updated 
'llap_zk_hive' principal descriptor value = ''
18 Nov 2017 07:25:54,003  INFO [main] UpgradeCatalog260:717 -   Updated 
'llap_zk_hive' keytab descriptor file = ''
18 Nov 2017 07:25:54,003  INFO [main] UpgradeCatalog260:720 -   Updated 
'llap_zk_hive' keytab descriptor owner name = ''
18 Nov 2017 07:25:54,003  INFO [main] UpgradeCatalog260:722 -   Updated 
'llap_zk_hive' keytab descriptor owner access = ''
18 Nov 2017 07:25:54,003  INFO [main] UpgradeCatalog260:724 -   Updated 
'llap_zk_hive' keytab descriptor group name = ''
18 Nov 2017 07:25:54,003  INFO [main] UpgradeCatalog260:726 -   Updated 
'llap_zk_hive' keytab descriptor group access = ''
18 Nov 2017 07:25:54,004  INFO [main] UpgradeCatalog260:730 -   Updated 
'isYarnKerberosDescUpdated' = true


**Logs : Updated HSI config 'hive.llap.zk.sm.keytab.file'**

18 Nov 2017 07:25:54,073  INFO [main] UpgradeCatalog260:767 -   Updated HSI 
config 'hive.llap.zk.sm.keytab.file' = /etc/security/keytabs/hive.service.keytab


**From UI**:

Changed hive.llap.zk.sm.keytab.file : 
https://issues.apache.org/jira/secure/attachment/12898329/Screen%20Shot%202017-11-17%20at%2011.44.41%20PM.png

HSI up :
https://issues.apache.org/jira/secure/attachment/12898328/Screen%20Shot%202017-11-17%20at%2011.44.55%20PM.png


Thanks,

Swapan Shridhar

Review Request 63937: AMBARI-22472. Ambari Upgrade 2.5 -> 2.6 : Update NodeManager's HSI identity 'llap_zk_hive' to use '/HIVE/HIVE_SERVER/hive_server_hive' reference instead of creating the same identity again.

Reply via email to